Secure Configuration Guides 3.1

Question 1

Default Configs

Answer 1

No system is safe with the default configs. You need some guidelines to keep things safe. There are hardening guides specific to software or platforms. Get feedback from the manufacturer or internet interest group. Occasionally there are some general-purpose guides online.

Question 2

Web Server Hardening

Answer 2

One of the most popular services on the net. Microsoft’s Internet Information Server, Apache HTTP Server, and others. These are high risk area for security.

Question 3

Web Server Hardening Continued

Answer 3

Information Leakage: Banner information, directory browsing

Permissions: Make sure all permissions are working properly.

Configure SSL: Make sure certificates are installed and current, and you have all the ones you need.

Log Files: Make sure logs are enabled and you have access to them as necessary.

Question 4

Operating System Hardening

Answer 4

Any operating system we install needs to be updated with all necessary system updates, service packs, security patches. User accounts permissions, passwords need to be set up as necessary. Network access permissions as necessary, and anti-virus/malware needs to be in place.

Question 5

Application Server

Answer 5

Usually between the web server and the back end database. Commonly known as “middleware”. This usually provides runtime libraries and programming languages. Usually have a very specific function and all unnecessary services can/should be disabled. It needs to be updated/patched just like everything else.

Question 6

Network Infrastructure Devices

Answer 6

Switches, routers, firewalls, IPS. They generally have purpose built operating systems to handle their specific tasks. These have to be integrated with a backend authentication process. These devices don’t get as many updates as our phones for example. You need to stay aware and up to date with these devices.